[SOLVED] VPN Server Setup

sporadic_kit

Hi forum, I am trying to set up a VPN server inside my home network so that I can remotely connect external devices to my LAN. Just looking for some suggestions on the best way to do this.

I am running a BT HomeHub6 router which doesn't have any VPN capabilities, so I need to set up another device to act as the VPN server. I have an old Netgear FVS318N (ProSafe Wireless-N 8-Port Gigabit VPN Firewall) lying around which I have been fiddling about with to try and get working, but it's not looking like I will be able to do it unless the Netgear was acting as the primary router for my LAN (although I could be wrong here). Does anyone know how to set up the Netgear with the BT HomeHub 6 to receive external VPN connections?

Surely it's just a matter of enabling VPN on the Netgear then setting up port forwarding rules for the VPN service?
 
I actually have the FVS318N, and it is terrific for what you are needing to do, making robust, industry standard IPsec tunnels to any other device that supports IPsec tunnels.

I have several of these deployed across the US connecting various sites together so they look like they are on one single LAN. It's great for devices that were never intended to work this way too since they don't even know they are connected to or accessed by someone or something else many miles away. And the beauty is that all of this traffic is encapsulated so it's secure at the packet level. No worries about holes in your firewall or whatever.

Now, I usually use these as the main router as they are stable and fast enough to handle what I need them to (even though the specs say it can only do 250Mbps WAN to LAN, I have found that they can do much more than that and even spike up to 800Mbps+). But in 2 different cases, I've had to put them behind other routers, once with Verizon and once with AT&T. With Verizon it was pretty simple as I was able to just put it in the DMZ of the Verizon router. With AT&T, that didn't work as phase 2 of the IPsec connection was somehow being blocked. The solution for that was to get a block of static IPs from AT&T that even though they had to be programmed into the same router that was blocking phase 2 in the DMZ, worked with the static IPs.

I use the IPsec tunnels exactly how you're wanting to connect external devices. We have various multifunction devices, NAS units, security cameras, and more that all connect into a central location seamlessly. Anyone from any location with access to headquarters can look at any asset anywhere at any time, and in real-time--all on our private VPN. Hope this helps!
 
What speeds are you trying to get? OpenVPN is the easiest to set up but also limited on throughput. I run multiple OpenVPN server/clients on a Proxmox server with hardware AES working. Intel J4105 is inexpensive to buy and run 24/7. I haven't tested the max I can get from it. An i3 or i5 might be better if you want to hit >100Mbs speeds. VPN ties up a core so there is plenty leftover for other stuff, which is why I like Proxmox.

pfSense has an easy to configure OpenVPN server plus it will export clients for Windows preconfigured. The site-to-site is also nice if you have two locations you want to connect 24/7 using local IPs both ways. Site-to-site has a lot of vendor options. You buy the same router on both sides and it works pretty easily. ERX is $50/ea and with two you can get s2s at decent speeds as long as you don't enable a feature that turns off hardware offload.
 